The More We Learn About OPM Hack, The Worse It Gets

Seven percent of Americans were affected in the hack on the Office of Personnel Management and it seems like little can be done for the victims.

By Ben Lawson | July 9, 2015

Seven percent of Americans. That's how many people were affected by the hack on the Office of Personnel Management.

OPM revealed Thursday the information of 21.5 million government employees was stolen in the hack, more than five times the number that was originally reported. (Video via NBC)

The hackers gained access to social security numbers, health information and financial data.

Article Continues Below

But they also gained access to background checks and Standard Form 86, which includes information about family members, psychological health, drug use and criminal history.

In a blog post, OPM Director Katherine Archuleta said her department would provide identity theft protection for the victims.

Which is pretty common in hacks like this. It's what Home Depot did when hackers accessed the data of 53 million customers.

And in the case of thieves getting ahold of credit card information, that might be enough. But the dominant theory right now is the attack didn't come from scammers, but from within the Chinese government — and that makes protecting the victims a lot more complicated.

No one from the federal government has officially blamed China, but National Intelligence Director James Clapper called them a "leading suspect" last week.

And according to some security experts, that could mean dangerous information about federal employees with security clearances is in the hands of a foreign government.

Now, it doesn't necessarily mean America's spy networks are compromised. A former National Security Agency officer wrote in a Daily Beast column that the CIA and NSA don't use outside agencies like the OPM for background checks.

But one expert told Business Insider the hacked information is still "a goldmine for blackmail." Specifically, because OPM keeps track of the results of polygraph tests, which are used to "uncover any blackmailable information about its employees before it can be used against them." That means the deepest, darkest secrets of some high-ranking employees could have been obtained in the hack.

Archuleta said the OPM is bolstering its cybersecurity, but other than identity theft protection, there isn't much being said about how to handle the information that was already leaked.